  1. Jenkins
  2. JENKINS-19735

Credentials plugin is being overly paranoid about XSS in description fields of domains and credentials


      Description

      If you use a markup formatter, the formatted markup's HTML is escaped so < becomes &lt; which means that you see the HTML rather than having the HTML applied!

      The markup formatters are supposed to worry about the XSS, so let the markup formatters take care of the issue and expose their output unescaped.
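The double escaping described above, as an added example that is not code from the credentials plugin or from Jenkins. A toy allowlist formatter stands in for a Jenkins markup formatter; `AllowlistFormatter`, `translate`, `render_escaped`, `render_formatted`, the tag allowlist and the sample description are all hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p"}  # constructed allowlist (assumption)


class AllowlistFormatter(HTMLParser):
    """Toy formatter: keeps allowlisted tags without attributes, escapes everything else."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes are dropped on purpose
        else:
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        closing = f"</{tag}>"
        self.out.append(closing if tag in ALLOWED_TAGS else html.escape(closing))

    def handle_data(self, data):
        self.out.append(html.escape(data))


def translate(markup):
    """Formatter output: already safe to place in an HTML body."""
    formatter = AllowlistFormatter()
    formatter.feed(markup)
    formatter.close()  # flush any buffered text
    return "".join(formatter.out)


def render_escaped(description):
    """Reported behaviour: the view escapes the formatter's output a second time."""
    return html.escape(translate(description))


def render_formatted(description):
    """Requested behaviour: the formatter's output is emitted as-is."""
    return translate(description)


# Constructed sample description: one allowed tag, one disallowed tag.
SAMPLE = "Deploy key for <b>prod</b><script>alert(1)</script>"

if __name__ == "__main__":
    print("escaped twice :", render_escaped(SAMPLE))
    print("formatter only:", render_formatted(SAMPLE))
```

Emitting the output unescaped is only safe when the value has actually passed through the formatter; a raw description that skipped it still has to be escaped once.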

          Activity

          stephenconnolly Stephen Connolly added a comment - https://github.com/jenkinsci/credentials-plugin/commit/81d6e7f79fd374738bcddd64b88b99438d62796f

            People

            Assignee:
            stephenconnolly Stephen Connolly
            Reporter:
            stephenconnolly Stephen Connolly